← Back

CVE-2010-4235

nvd nist
Published: Apr 4, 2011Modified: Apr 29, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

Affected (10)

Realnetworks
2 products
Helix Server
Helix Mobile Server
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Realnetworks
Helix Server
Version 12.0.0
Helix Server
Version 12.0.1
Helix Server
Version 13.0.0
Helix Server
Version 13.1.1
Helix Server
Version 14.0.0
Helix Server
Version 14.0.1
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Realnetworks
Helix Mobile Server
Version 12.0
Helix Mobile Server
Version 13.1.1
Helix Mobile Server
Version 14.0.0
Helix Mobile Server
Version 14.0.1

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.